newton-core 0.4.16

newton protocol core sdk
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148

/// SP1 attestation proof generation
pub mod attestation;

/// RISC0 module
pub mod risc0;

/// SP1 module
pub mod sp1;

use alloy::primitives::FixedBytes;
use risc0_zkvm::{Digest, Receipt};
use serde::{Deserialize, Serialize};
use sp1_sdk::{HashableKey, Prover, ProverClient, SP1ProofWithPublicValues, SP1VerifyingKey};
use std::path::PathBuf;

use crate::{
    generated::rego_verifier::IRegoVerifier::RegoContext,
    newton_prover_task_manager::INewtonProverTaskManager::{Task, TaskResponse},
};

/// SP1 Rego ELF binary
pub const SP1_REGO_ELF: &[u8] = include_bytes!("./elf/sp1-rego");

/// SP1 Attestation verification ELF binary
pub const SP1_ATTESTATION_ELF: &[u8] = include_bytes!("./elf/sp1-attestation");

/// Enum representing the available zkvm types
#[derive(strum_macros::Display, Debug, Clone, Copy, PartialEq, Eq, Serialize, Deserialize)]
#[strum(serialize_all = "lowercase")]
pub enum Zkvm {
    /// Sp1 zkvm type
    Sp1,
    /// Risc0 zkvm type
    Risc0,
}

/// Enum representing the available proof systems
#[derive(strum_macros::Display, Debug, Clone, Copy, PartialEq, Eq, Serialize, Deserialize)]
#[strum(serialize_all = "lowercase")]
pub enum ProofSystem {
    /// Groth16 proof system
    Groth16,
    /// Plonk proof system
    Plonk,
}

/// Enum representing the available proof structs
#[derive(Clone, Serialize, Deserialize)]
pub enum Proof {
    /// Sp1 proof
    Sp1 {
        /// Journal   
        journal: Vec<u8>,
        /// Verifying key
        vk: SP1VerifyingKey,
        /// Proof
        proof: SP1ProofWithPublicValues,
        /// Request ID
        request_id: FixedBytes<32>,
    },
    /// Risc0 proof
    Risc0 {
        /// Receipt
        receipt: Receipt,
        /// Image ID
        image_id: Digest,
        /// Seal
        seal: Vec<u8>,
    },
}

impl std::fmt::Debug for Proof {
    fn fmt(&self, f: &mut std::fmt::Formatter<'_>) -> std::fmt::Result {
        match self {
            Proof::Sp1 {
                journal,
                vk,
                proof,
                request_id,
            } => write!(
                f,
                "Proof::Sp1 {{ journal: {:?}, vk: {:?}, proof bytes: {:?}, request_id: {:?} }}",
                crate::hex!(journal.as_slice()),
                vk.bytes32().to_string().as_str(),
                crate::hex!(proof.bytes()),
                crate::hex!(request_id)
            ),
            Proof::Risc0 {
                receipt,
                image_id,
                seal,
            } => write!(
                f,
                "Proof::Risc0 {{ journal: {:?}, image_id: {:?}, seal: {:?} }}",
                crate::hex!(receipt.journal.bytes.as_slice()),
                crate::hex!(image_id),
                crate::hex!(seal.as_slice())
            ),
        }
    }
}

/// Proves the policy evaluation result using the specified zkvm
/// # Arguments
/// * `circuit` - The circuit to prove
/// * `zkvm` - The zkvm to use
/// * `task` - The task to prove
/// * `task_response` - The task response to prove
/// * `entrypoint` - The entrypoint to prove
/// # Returns
/// A `Result` containing the proof, or an error if the proof fails
pub async fn prove(
    circuit: Vec<u8>,
    zkvm: Zkvm,
    task: Task,
    task_response: TaskResponse,
    entrypoint: String,
) -> eyre::Result<Proof> {
    match zkvm {
        Zkvm::Sp1 => sp1::prove(circuit, task, task_response, entrypoint).await,
        Zkvm::Risc0 => risc0::prove(circuit, task, task_response, entrypoint).await,
    }
}

/// Verifies the zk proof
/// # Arguments
/// * `proof_bytes` - The proof to verify
/// * `proof_type` - The proof type
pub async fn verify_raw_proof(proof_bytes: Vec<u8>, vkey_bytes: Vec<u8>, proof_type: Zkvm) -> eyre::Result<bool> {
    let result = match proof_type {
        Zkvm::Sp1 => {
            let vk = serde_json::from_slice::<SP1VerifyingKey>(&vkey_bytes)?;
            let proof = serde_json::from_slice::<SP1ProofWithPublicValues>(&proof_bytes)?;
            ProverClient::from_env()
                .await
                .verify(&proof, &vk, None)
                .map_err(|e| eyre::eyre!("SP1 verification failed: {}", e))
        }
        Zkvm::Risc0 => {
            let receipt = serde_json::from_slice::<Receipt>(&proof_bytes)?;
            let image_id = serde_json::from_slice::<Digest>(&vkey_bytes)?;
            receipt
                .verify(image_id)
                .map_err(|e| eyre::eyre!("Risc0 verification failed: {}", e))
        }
    };
    Ok(result.is_ok())
}